
5 matches found

Github Security Blog
added 2026/06/18 5:22 p.m. · 10 views

@acastellon/auth: Authentication bypass via spoofable headers in validateToken()

@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get('host').startsWith(getHostName()). Both...

CVSS 8.7 · AI score 5.5
Exploits 0 · References 4 · Affected Software 1
Snyk
added 2026/04/17 10:30 p.m. · 4 views

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack via the TokenAuthenticator process. An attacker can determine valid usernames by measuring response time differences when submitting authentication requests with the X-AUTH-USER header. Remediation: Upgrade kimai/kimai to...

CVSS 6.3 · AI score 5.8
Exploits 0 · References 2
PyPA
added 2015/01/16 4:59 p.m. · 7 views

PYSEC-2015-4

Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an underscore character instead of a - dash character in an HTTP header, as demonstrated by an X-AuthUser header...

CVSS 5 · AI score 7 · EPSS 0.06783
Exploits 1 · References 14 · Affected Software 1
OSV
added 2015/01/13 12:00 a.m. · 3 views

UBUNTU-CVE-2015-0219

Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an underscore character instead of a - dash character in an HTTP header, as demonstrated by an X-AuthUser header...

CVSS 5 · AI score 5.8 · EPSS 0.06783
Exploits 1 · References 4
Positive Technologies
added 2015/01/13 12:00 a.m. · 6 views

PT-2015-4526 · Django +1 · Django +1

Name of the Vulnerable Software and Affected Versions: Django versions 1.4.17 and earlier; Django versions 1.6.x before 1.6.10; Django versions 1.7.x before 1.7.3. Description: The issue allows remote attackers to spoof WSGI headers by using an underscore character instead of a - dash character in a...

CVSS 6.9 · AI score 6.8 · EPSS 0.06783
Exploits 3 · References 66